From f176b5ef5743b46a88520285e8cfdbe2ba45723c Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Fri, 22 Jul 2022 16:39:25 -0400
Subject: [PATCH] update tags to include C2 tactic (#2140)
---
 rules/macos/execution_installer_spawned_network_event.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/macos/execution_installer_spawned_network_event.toml b/rules/macos/execution_installer_spawned_network_event.toml
index b326c5fae..09963aaea 100644
--- a/rules/macos/execution_installer_spawned_network_event.toml
+++ b/rules/macos/execution_installer_spawned_network_event.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/02/23"
 maturity = "production"
-updated_date = "2022/03/31"
+updated_date = "2022/07/21"
 [rule]
 author = ["Elastic"]
@@ -27,7 +27,7 @@ references = [
 risk_score = 47
 rule_id = "99239e7d-b0d4-46e3-8609-acafcf99f68c"
 severity = "medium"
-tags = ["Elastic", "Host", "macOS", "Threat Detection", "Execution"]
+tags = ["Elastic", "Host", "macOS", "Threat Detection", "Execution", "Command and Control"]
 type = "eql"
 query = '''
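Review bot: The "Command and Control" tag added to `tags` in the second hunk has no visible counterpart in the rule's ATT&CK mapping, because the `[[rule.threat]]` tables lie outside both hunks and the commit changes only `updated_date` and `tags`. If the rule does not already carry a `[[rule.threat]]` entry whose tactic is Command and Control (TA0011), the tag and the mapping will disagree, and anyone filtering alerts or measuring coverage by tactic will get inconsistent results for this rule. Please confirm the entry exists, or add it in the same change. The file name keeps its `execution_` prefix, so a short comment above `tags` such as `# Execution is the primary tactic; C2 reflects the installer child's outbound network event` would explain why both are listed.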